diff --git a/.env.sample b/.env.sample
index d232c47..41dda22 100644
--- a/.env.sample
+++ b/.env.sample
@@ -8,7 +8,7 @@ DOMAIN=hedgedoc.example.com
 LETS_ENCRYPT_ENV=production
 
 SECRET_DB_PASSWORD_VERSION=v1
-
+SECRET_CMD_SESSION_SECRET=v1
 COMPOSE_FILE="compose.yml"
 
 # OAuth, see https://docs.hedgedoc.org/guides/auth/keycloak/
@@ -42,6 +42,7 @@ COMPOSE_FILE="compose.yml"
 # CMD_CSP_REPORTURI=undefined
 # CMD_DEFAULT_PERMISSION=editable
 # CMD_EMAIL=true
+# CMD_REQUIRE_FREEURL_AUTHENTICATION=false
 # CMD_SESSION_LIFE=1209600000
 # Only present in config.json (no equivalent env var):
 # DOCUMENT_MAX_LENGTH=100000
diff --git a/README.md b/README.md
index f1d0e4e..bd64245 100644
--- a/README.md
+++ b/README.md
@@ -25,8 +25,8 @@
 5. `abra app deploy YOURAPPDOMAIN`
 6. Create initial user:
 	```
-	abra app YOURAPPDOMAIN run app bash
-	. /docker-entrypoint2.sh -e
+	abra app run YOURAPPDOMAIN app bash
+	. /docker-entrypoint.sh -e
 	bin/manage_users
 
 [hedegedoc]: https://github.com/hedgedoc/hedgedoc
diff --git a/abra.sh b/abra.sh
index 76461a6..ab5889e 100644
--- a/abra.sh
+++ b/abra.sh
@@ -1,13 +1 @@
-export ENTRYPOINT_CONF_VERSION=v8
-
-abra_backup_app() {
-  _abra_backup_dir "app:/home/hackmd/app/public/uploads/"
-}
-
-abra_backup_db() {
-  _abra_backup_postgres "db" "codimd" "codimd" "db_password"
-}
-
-abra_backup() {
-  abra_backup_app && abra_backup_db
-}
+export ENTRYPOINT_CONF_VERSION=v9
diff --git a/compose.yml b/compose.yml
index fac0a4e..227396d 100644
--- a/compose.yml
+++ b/compose.yml
@@ -25,6 +25,7 @@ services:
       - CMD_CSP_REPORTURI
       - CMD_DEFAULT_PERMISSION
       - CMD_EMAIL
+      - CMD_REQUIRE_FREEURL_AUTHENTICATION
       - CMD_SESSION_LIFE
       - DOCUMENT_MAX_LENGTH
     depends_on:
@@ -33,7 +34,7 @@ services:
       - proxy
       - internal
     volumes:
-      - codimd_uploads:/home/hackmd/app/public/uploads
+      - codimd_uploads:/hedgedoc/public/uploads
     secrets:
       - db_password
     entrypoint: /docker-entrypoint.sh
@@ -43,7 +44,6 @@ services:
         mode: 0555
       - source: config_json
         target: /files/config.json
-        mode: 0555
     deploy:
       restart_policy:
         condition: on-failure
@@ -57,6 +57,8 @@ services:
         - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
+        - "backupbot.backup=true"
+        - "backupbot.backup.path=/hedgedoc/public/uploads"
         - coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}
         - coop-cloud.${STACK_NAME}.version=0.6.0+1.9.9
     healthcheck:
@@ -79,12 +81,18 @@ services:
       - internal
     deploy:
       labels:
-          backupbot.backup: "true"
-          backupbot.backup.pre-hook: "mkdir -p /tmp/backup/ && PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /tmp/backup/backup.sql"
-          backupbot.backup.post-hook: "rm -rf /tmp/backup"
-          backupbot.backup.path: "/tmp/backup/"
-          backupbot.restore: "true"
-          backupbot.restore.post-hook: "sh -c 'psql -U $${POSTGRES_USER} -d $${POSTGRES_DB} < ./backup.sql && rm -f ./backup.sql'"
+        backupbot.backup: "true"
+        backupbot.backup.pre-hook: "mkdir -p /tmp/backup/ && PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /tmp/backup/backup.sql"
+        backupbot.backup.post-hook: "rm -rf /tmp/backup"
+        backupbot.backup.path: "/tmp/backup/"
+        backupbot.restore: "true"
+        backupbot.restore.post-hook: "sh -c 'psql -U $${POSTGRES_USER} -d $${POSTGRES_DB} < ./backup.sql && rm -f ./backup.sql'"
+    healthcheck:
+      test: "pg_isready"
+      interval: 30s
+      timeout: 10s
+      retries: 5
+      start_period: 1m
 volumes:
   postgres:
   codimd_uploads: